Synopsis: Moderate: python security and bug fix update
Advisory ID: SLSA-2019:2030-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2019-9947
CVE-2018-14647
CVE-2019-9740
CVE-2019-9948
CVE-2019-5010
—
Security Fix(es):
* python: Missing salt initialization in _elementtree.c module
(CVE-2018-14647)
* python: NULL pointer dereference using a specially crafted X509
certificate (CVE-2019-5010)
* python: CRLF injection via the query part of the url passed to urlopen()
(CVE-2019-9740)
* python: CRLF injection via the path part of the url passed to urlopen()
(CVE-2019-9947)
* python: Undocumented local_file protocol allows remote attackers to
bypass protection mechanisms (CVE-2019-9948)
—
SL7
x86_64
python-2.7.5-86.el7.x86_64.rpm
python-libs-2.7.5-86.el7.i686.rpm
python-devel-2.7.5-86.el7.x86_64.rpm
python-libs-2.7.5-86.el7.x86_64.rpm
python-test-2.7.5-86.el7.x86_64.rpm
python-tools-2.7.5-86.el7.x86_64.rpm
python-debug-2.7.5-86.el7.x86_64.rpm
tkinter-2.7.5-86.el7.x86_64.rpm
python-debuginfo-2.7.5-86.el7.i686.rpm
python-debuginfo-2.7.5-86.el7.x86_64.rpm
– Scientific Linux Development Team
